File: object-allowed-schemas.sub.window.js

package info (click to toggle)
firefox 144.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,637,504 kB
  • sloc: cpp: 7,576,692; javascript: 6,430,831; ansic: 3,748,119; python: 1,398,978; xml: 628,810; asm: 438,679; java: 186,194; sh: 63,212; makefile: 19,159; objc: 13,086; perl: 12,986; yacc: 4,583; cs: 3,846; pascal: 3,448; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 53; csh: 10
file content (44 lines) | stat: -rw-r--r-- 1,337 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
async function test_uri(t, uri, expected) {
    const object = document.createElement("object");
    const promise = new Promise((resolve, reject) => {
        object.onerror = e => reject(e.type);
        object.onload = () => resolve("success");
        object.data = uri;
        document.body.append(object);
    });

    if (expected === "success") {
        await promise;
    } else {
        await promise_rejects_exactly(t, expected, promise);
    }

    object.remove();
}

promise_test(async t => {
    await test_uri(t, "about:blank", "success");
}, "about: allowed in object");

promise_test(async t => {
    const blobParts = ['Hello, world!'];
    const blob = new Blob(blobParts, { type: "text/html" })
    await test_uri(t, URL.createObjectURL(blob), "success");
}, "blob: allowed in object");

promise_test(async t => {
    await test_uri(t, "data:,Hello%2C%20World%21", "success");
}, "data: allowed in object");

promise_test(async t => {
    await test_uri(t, "https://{{domains[www]}}:{{ports[https][0]}}", "success");
}, "https: allowed in object");

promise_test(async t => {
    await test_uri(t, "http://{{domains[www]}}:{{ports[http][0]}}", "success");
}, "http: allowed in object");


promise_test(async t => {
    await test_uri(t, "javascript:'x'", "error");
}, "javascript: scheme not allowed in object");